Q1 -IIS7 by default automatically registers FormsAuthenticationModule ( which is defined in root web.config file ), but does the term “Http module being integrated into IIS 7 processing pipeline refers” only to cases where this registered module is also configured to work with non-Asp.Net applications?
In my opinion if module is not configured to work with non-Asp.Net applications, even if it is automatically registered by IIS 7, then we can’t really claim that it is integrated into IIS 7’s processing pipeline?!
Q2
A) IIS7 automatically registers some of the modules defined in root web.config file. If we configure ( via IIS7 manager ) UrlAuthorizationModule ( which is defined in root web.config and which IIS 7 registers by default ) to be used with non-Asp.Net apps also, then IIS7 puts the following entry into application’s root web.config file:
<modules>
<remove name="UrlAuthorization" />
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" preCondition="" />
But why did IIS 7 also include <remove name="UrlAuthorization" /> element?
B) I assume if we then change our mind and decide to use this module only with Asp.Net applications, we can safely remove the following element:
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" preCondition="" />
from application’s root web.config file, since now our application can use UrlAuthorizationModule defined in root web.config?!
Q3
I realize IIS7 by default registers FormsAuthenticationModule defined in root web.config file, but assume we register another FormsAuthenticationModule in web.config contained in a root directory of some web application.
- I assume when request for web page is received, two instances of FormsAuthenticationModule will be executed for that request?
thanx
EDIT:
A1.
"integrated" vs "classic" processing pipelines is a property on the application pool. It is correct that modules can be set to run only in "integrated" pipelines.
My question was referring to IIS 7 in integrated mode. Namely, my book uses the term “Http module being integrated into IIS 7 processing pipeline refers” to describe a situation where custom Http handler has been registered with IIS 7 (running in integrated mode). But it doesn’t say whether the term refers to situation when this registered handler is configured to work with non-asp.net applications also or do we also use this term when registered Http handler is configured to only work with Asp.Net applications?
A2. B. Yes, you can remove the "remove" as well as the "add" lines. This is what the GUI will do if you change it back to inherit the settings.
But in my case IIS 7 doesn’t remove
<add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule" preCondition="" />
from application’s root web.config file,,it just changes the value of preCondition attribute back to "managedHandler"
A3. I think you'll get an error if you try to add 2 modules that have the same "name" attribute. If you really want it in there twice then change the "name" of the 2nd one.
I apologize, I should be more specific, but my question was referring to a situation where two modules would have different names.
So in that case there will be two instances of FormsAuthenticationModule running?
thanx
